Imagine going in to do an incident response at a fairly large customer that has no visibility within their firewalls, no intrusion detection, no sense of inventory, because they had no ability to run even the most basic of vulnerability scans across their network. If I just described something that sounds a little scarily like …

Security Incident Response is like firefighting: it’s not something you need every day, but when you need it, you want the best, and you want it fast. We’re proud to announce our new cyber security incident response team, and we’d like to tell you what they do, and how best to utilize this new service. We …

I’m extremely excited to announce that I will be speaking at MIRcon2013 on ModSecurity! The presentation’s goal is to help systems administrators, incident responders, and security analysts better manage and run an installation of ModSecurity. Here is the synopsis from the presentation. Any publicly available web server and site is under attack on a regular …

I was recently watching a webcast on incident response and found myself thinking about the cause of the example incident. It was yet another instance where phishing emails were sent, desktops were owned and data left the victim’s network. I’m not sure how many presentations, webcasts and papers I’ve listened to or read that point …

If you have been glancing at many news stories this year, you have certainly seen the large number of data breaches that have occurred. Even just today, we are seeing reports that Drupal.org suffered from a breach (https://drupal.org/news/130529SecurityUpdate) that shows unauthorized access to hashed passwords, usernames, and email addresses. Note that this is not a …

As one of the founders of Secure Ideas, I am often asked how someone gets into InfoSec and/or how they get hired at Secure Ideas. So I thought it would make sense to discuss this here on the blog… So the first thing to understand is that I think that it is critical to …

A while back I had to deal with a compromised web server for some folks. They had some WordPress sites with a vulnerable plugin and found that attackers were putting up malicious web pages for other victims to view. The owners of the sites were understandably upset. The malicious file names didn’t follow much of …

Like a lot of folks, I downloaded and read through the Mandiant APT1 report as soon as I could. It’s an excellent resource and I highly recommend reading it if you have not already. It goes into great detail on how they have tracked a particular team of attackers. They lay out how they have …

Shortly before joining Secure Ideas, I spoke on Security Onion and Network Security Monitoring (NSM) at the Utah Open Source Conference 2012. The presentation was aimed at introducing folks to Security Onion and how to get started with it. The demo gods were tempted during the presentation, but I was still able to set up a …